Backdoor?

Quicksearch

Disclaimer

The individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation

< A380 | Querschüsse (Offener Komentar - revisited) >

Friday, November 16. 2007

Bruce Schneier writes in "Did NSA Put a Secret Backdoor in New Encryption Standard?":

But today there's an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.

The problem behind cryptographic algorithms is: Can you really trust the inventors of cryptographic mechanisms? Should we only trust cryptographic mechanisms with a long history of scientific discourse? Can you trust cryptographic mechanisms from organisations with the job to know what other people transmit?

Posted by Joerg Moellenkamp in English, Security at 20:55 | Comment (1) | Trackback (1)

View as PDF: This entry | This month | Full blog

Trackbacks

Trackback specific URI for this entry

Dual_EC_DRBG added to Vista SP1
Do you remember the article linking to Bruce Schneiers article about the possible backdoor in the NIST-endorsed Dual_EC_DRBG random number generator. Well exactly this algorithm was added to Microsoft Vista SP1.. As Bruce writes it in his blog:t's not ena

Weblog: c0t0d0s0.org
Tracked: Dec 18, 14:49

Comments

Display comments as (Linear | Threaded)

This is "the security" problem. Another problem like that is in hardware, in software (I'm thinking electronic Voting Systems) and every thing you are around. You must trust it !! In A&A (Agents&Artifacts) world this problem is emphasized because an Artifact could seem a "pen" but it should be a "bomb", like in the human world. You can buy your "iPhone" and you can use it to see your bank-C. but, you must trust in "Safari" or, in higher level, in "iPhone".... in apple.

#1 Marco+Ramilli (Homepage) on 2007-11-16 23:09 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: Standard emoticons like :-) and ;-) are converted to images. Enclosing asterisks marks text as bold (word), underscore are made via _word_.
	Remember Information? Subscribe to this entry